Security Exception when in Medium trust

3 posts, 0 answers
  1. Roger
    Roger avatar
    38 posts
    Member since:
    May 2008

    Posted 07 Mar 2011 Link to this post


    I'm getting a security exception when using the RadEditor in Medium Trust

    Web.config 
     

    <

     

    system.web  

     

     

    <

     

    trust level="Medium" originUrl="" />

     

     

     

    ....
    ... 

     

    <httpHandlers>
          <remove verb="*" path="*.asmx" />
          <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
          <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
          <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" validate="false" />
      
        </httpHandlers>
      
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules>
          <remove name="ScriptModule" />
          <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          <remove name="RadUploadModule" />
          <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode,runtimeVersionv2.0" />
          <remove name="RadCompression" />
          <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode,runtimeVersionv2.0" />
        </modules>
        <handlers>
          <remove name="WebServiceHandlerFactory-Integrated" />
          <remove name="ScriptHandlerFactory" />
          <remove name="ScriptHandlerFactoryAppServices" />
          <remove name="ScriptResource" />
          <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      
          <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      
          <remove name="ChartImage_axd" />
          <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
          <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
          <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
          <remove name="Telerik_Web_UI_DialogHandler_aspx" />
          <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
          <remove name="Telerik_RadUploadProgressHandler_ashx" />
          <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
          <remove name="Telerik_Web_UI_WebResource_axd" />
      
          <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" preCondition="integratedMode,runtimeVersionv2.0" />
      
        </handlers>
        <defaultDocument>
          <files>
            <clear />
            <add value="default.aspx" />
            <add value="index.html" />
            <add value="Default.htm" />
            <add value="index.htm" />
            <add value="Default.asp" />
            <add value="iisstart.htm" />
          </files>
        </defaultDocument>
      </system.webServer>

    Master Page
      
    <form id="form1" runat="server">
        <telerik:RadScriptManager ID="RadScriptManager1" OutputCompression="AutoDetect" ScriptMode="Release" runat="server" LoadScriptsBeforeUI="True"
            EnableScriptCombine="True">
            <Scripts>
                <%--Needed for JavaScript IntelliSense in VS2010--%>
                <%--For VS2008 replace RadScriptManager with ScriptManager--%>
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js" />
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js" />
                <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js" />
            </Scripts>
        </telerik:RadScriptManager>
        <telerik:RadStyleSheetManager ID="RadStyleSheetManager1" OutputCompression="AutoDetect"  runat="server">
        </telerik:RadStyleSheetManager>
        <%--RestoreOriginalRenderDelegate="false" needed for godaddy hosting, which runs in Medium Trust--%>
        <telerik:RadAjaxManager ID="RadAjaxManager1" runat="server" RestoreOriginalRenderDelegate="false">
        </telerik:RadAjaxManager>
        <telerik:RadSkinManager ID="RadSkinManager1" runat="server">
        </telerik:RadSkinManager>
        <telerik:RadWindowManager EnableEmbeddedSkins="true" ID="RadWindowManager1" runat="server"
            InitialBehaviors="None" EnableViewState="true" DestroyOnClose="true" Behaviors="Close, Resize, Maximize, Move"
            ShowContentDuringLoad="true">
            <Windows>
                <telerik:RadWindow runat="server" InitialBehaviors="None" Left="" Top="" ID="Features"
                    Behaviors="Close, Resize, Maximize, Move" Height="400" Modal="True" VisibleStatusbar="false"
                    Width="1000px" DestroyOnClose="false" ShowContentDuringLoad="true" ReloadOnShow="True"
                    OnClientClose="ClearWindow" Animation="None" NavigateUrl="">
                </telerik:RadWindow>
            </Windows>
        </telerik:RadWindowManager>
        <telerik:RadFormDecorator ID="RadFormDecorator2"  DecoratedControls="All" runat="server"
            DecorationZoneID="ZoneID1"></telerik:RadFormDecorator>
        <div class="DesignWidth" style="height: 100%;">
            <div id="ZoneID1" style="height: 100%;">
                <uc1:Header ID="Header1" runat="server" />
                <uc2:Menu ID="Menu1" runat="server" />
                <telerik:RadAjaxPanel ID="PagePanel" runat="server" LoadingPanelID="RadAjaxLoadingPanel1"
                    RestoreOriginalRenderDelegate="false">
                    <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
                    </asp:ContentPlaceHolder>
                </telerik:RadAjaxPanel>
            </div>
        </div>
        <telerik:RadAjaxLoadingPanel ID="RadAjaxLoadingPanel1"  runat="server" HorizontalAlign="Center"
            Skin="Default">
        </telerik:RadAjaxLoadingPanel>
        </form>

    Content Page
      
    <%@ Page Title="" Language="vb" AutoEventWireup="false" MasterPageFile="~/TenkillerTaxidermy.Master" CodeBehind="Test.aspx.vb" Inherits="TenkillerTaxidermy.Test" %>
      
    <%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
      
    <telerik:RadEditor ID="reap_HTMLContent" ToolbarMode="Default" ContentAreaMode="Div"
                                        AllowScripts="true" runat="Server" Width="875px" AutoResizeHeight="false">
                                        <Modules>
                                            <telerik:EditorModule Name="RadEditorHtmlInspector" Enabled="false" Visible="false" />
                                            <telerik:EditorModule Name="RadEditorNodeInspector" Enabled="false" Visible="false" />
                                            <telerik:EditorModule Name="RadEditorDomInspector" Enabled="false" Visible="false" />
                                            <telerik:EditorModule Name="RadEditorStatistics" Enabled="true" Visible="true" />
                                        </Modules>
                                    </telerik:RadEditor>
      
    </asp:Content>


    Exception
    Security Exception 
    Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 
      
    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
      
    Source Error: 
      
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  
      
    Stack Trace: 
      
      
    [SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
       System.Security.CodeAccessSecurityEngine.SpecialDemand(PermissionType whatPermission, StackCrawlMark& stackMark) +0
       System.Security.CodeAccessPermission.DemandInternal(PermissionType permissionType) +30
       System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +143
       System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +231
       System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +17
       System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +3316
      
       
      
      
    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.4955
  2. Roger
    Roger avatar
    38 posts
    Member since:
    May 2008

    Posted 08 Mar 2011 Link to this post

    I've managed to track this issue down to the below in my App_Browsers page, this is only an issue when in Medium Trust.  When in Medium trust, I get the Security exceptions as described in the original post.  If I remove the APP_Browswers Director all the RadEditor dialogs seem to work fine in Medium Trust.

    I've also added the below to the web.config, but no change, the security exceptions continues when in medium trust.
    <sessionPageState historySize="20" />


    PageStateAdapter.browser
      
    <browsers>
        <browser refID="Default">
            <controlAdapters>
                <adapter controlType="System.Web.UI.Page"  adapterType="Telerik.Web.UI.RadSessionPageStateCompression" />
            </controlAdapters>
        </browser>
    </browsers>
  3. Rumen
    Admin
    Rumen avatar
    13927 posts

    Posted 10 Mar 2011 Link to this post

    Hi Roger,

    Thank you for reporting this problem.

    I was able to reproduce it and logged it for fixing in our PITS system. We are currently working hard on RadControls for ASP.NET AJAX Q1 2011 and we will be able to investigate this problem after the release, scheduled for the end of next week. Here you can find the PITS Issue and check it status: Public URL.

    Your Telerik points were updated for your bug report as well.

    Best regards,
    Rumen
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
Back to Top